8ennett 0 Report post Posted April 30, 2011 Ok, I've recently managed to get VPN working at home and thought I would share this method with everyone as it took me a while to find software and configuration controls that actually work. First of all though I would like to point out, THE FOLLOWING METHOD WILL BYPASS PROXY FILTERS ON YOUR LOCAL NETWORK SUCH AS AT SCHOOL OR AT WORK. THIS IS NOT THE INTENDED PURPOSE OF THIS ARTICLE AND SHOULD NOT BE USED ON ANY NETWORK WHERE YOU DO NOT HAVE PERMISSION FROM THE NETWORK ADMINISTRATOR BEFORE HAND TO BYPASS THESE FILTERS. THE FILTERS ARE IN PLACE FOR A REASON AND IF UNAUTHORISED SHOULD NOT BE BYPASSED. THIS ARTICLE IS DESIGNED TO PROTECT YOU ON PUBLIC NETWORKS SO YOUR DATA CANNOT BE INTERCEPTED BY ANY THIRD PARTIES SNIFFING THE NETWORK. So first I will explain the advantages of using VPN on a network. When connecting to a public network you are sending your data raw through the networks proxy. This is a major security risk as it can be intercepted by people and used for malicious reasons. VPN (Virtual Private Network) is a method of creating an encrypted tunnel straight through the proxy and on to the internet. This works by the VPN client connecting to the proxy, establishing a connection to a tunneling server (Your Freedom for example) and then this external server handles all requests and sends it back to you. If the proxy network has a filter to prevent connections to the external server then this will not work and you will have to find a new server to use. This article assumes you know the proxy server address on your network and the port it operates on. If you do not then you obviously do not have permission to do this. There are other articles online which can help you find this information on your network, but that will not be covered here as it is illegal. Right so first of all you will need to download OpenVPN 2.1.4 (https://openvpn.net/index.php/open-source/downloads.html). It is important you download 2.1.4 and NOT 2.2.0. This is because we will be using a client software named Your Freedom and currently it is unable to detect OpenVPN 2.2+. Now OpenVPN is installed go to Start -> Settings -> Netowrk Connections (path may be different for later versions of Winblows, if so have a little search around online for the alternate path). You should see a new connection in this window named TAP-WIN32 Adapter V9. If this is here then you have setup OpenVPN succesfully and are ready for the next part. Once installed and all appropriate permissions have been set if prompted, you will need to download Your Freedom (http://www.your-freedom.net/index.php?id=downloads) and download the latest full version. If running an older version of Vista, don't download the full version. Instead update the java runtime llibraries manually on your computer then download the 2MB version of Your Freedom. If using the business version of Vista like myself then don't bother, just download the full version (12MB). While this is downloading sign up for an account with Your Freedom on their site. You will be required to validate your account via an email they send out to you. Now you can install Your Freedom and unblock through your firewalls when prompted. Next a setup wizard will guide you through configuring Your Freedom. It will first ask you some questions about your proxy and the settings it needs to connect. Eg. Proxy: webproxy.mynet.com Port: 8080. Also it will ask you for the username and password you signed up to their site with. When done, Your Freedom will begin inspecting its online server database and test which different connections can be made to each server (which ports are open basically). This may take some time, actually that's a lie, this will take A LOT of time so while it is running, kick back and chill with a brew and a smoke. Once it has finally finished and the config wizard has closed, you are ready to configure Your Freedom. In the Your Freedom window, click on the 'Ports' tab at the top. Where it says OpenVPN the port number should be 1194. Now unless you are using something on this port number already (which I really doubt) just leave this as it is and click the radio button so OpenVPN is selected. Now the port number field should grey out. On the top tabs again click the 'Status' tab and then click 'Start Connection'. In the icon tray next to your system clock there should be an icon for Your Freedom with a brown door that is slightly open, after a couple of seconds it should hopefully open a little further. This means that OpenVPN is working properly and you have full access to the Your Freedom servers. Now it's time for the final stage of our setup, configuring firefox (you can use other browsers if you want, but since firefox exists why would you want to?). Open up firefox then go to Tools -> Options -> Advanced -> Network, then under this sub-tab where it says: Configure how firefox connects to the internet, click the Settings button. We are going to configure out local VPN proxy which firefox is going to use to send and receive http requests from. Click the 'Manual Proxy Configuration' radio button and then enter in the http proxy field: 127.0.0.1, and for the port number enter 8080. Beneath this there should be a checkbox named Use this proxy server for all protocols. Check this box then save your settings. If everything has gone to plan, you should now be online and able to visit any website through firefox without risk of your data being stolen. Also, if your network had any web filters (like they put in high schools to block innapropriate content) this should now be completely bypassed and all blocked sites will be available to you. Now because you are using Your Freedom and they are free, you will not get a very fast connection speed. There is the option however to upgrade your account to premium servers where you will get the best connection speed possible for an annual fee. Now many people seem to swear by using CGI web proxys to get around these filters however this is not recommended. For one, the network admins usually find each new proxy and block it after a day or two forcing you to search endless lists for another one which is not blocked. Also, they are incredibly slow, don't work with 50% of websites out there, full of marketing ads, and highly unsecure. Did you know mny of the proxies store certain information passed through them, including usernames and passwords and some even store credit card information. My method of using VPN is highly secure and safe for all, as long as you don't visit any dodgy websites that is. Share this post Link to post Share on other sites
yordan 10 Report post Posted April 30, 2011 My method of using VPN is highly secure and safe for alProbably, yes. However, you have to trust the YourFreedom servers, and if you do that at work, you will have to hope that nobody will use this vpn in order to enter your company severs.And, of course, in order to perform this, you have need system admin permissions on your PC. Share this post Link to post Share on other sites
mahesh2k 0 Report post Posted May 1, 2011 One more thing is that about-speed. How the speed is compromised in this process ? For example, using proxies often requires us to compromise on speed. Most of the IP level anonymous proxies are horribly slow. I have fond that CGI proxies are much faster in comparison but leaves more trails or traces(if you choose to call) and in turn are not secure for office or some other private network. I tried ip-switch proxy which slowed my network down by 10% and therefore i think it's better to use web based anonymous service instead of these proxies. Your method is good, no doubt about that. I just feel uncomfortable with slow proxies method as it turns slow my home network. There are some hide-my-*bottom*/lock-ip sites/softwares that could help in network proxies as well. I think they're paid so not sure how much to trust them even after their paid service. Your method looks good, maybe it'll help some folks here or others on the internet. Share this post Link to post Share on other sites
wutske 0 Report post Posted May 1, 2011 Great guide, but I'd like to add a few limitations to it:1) this will not work when the administrator has blocked the Your Freedom servers on an IP level (or when they simply blocked the DNS name)2) this also won't work when you're behind a corporate firewall which blocks (unknown) VPN connections3) if you're not allowed to bypass the proxy then you shouldn't use this guide. If you're allowed to bypass the proxy then you don't need this guide . Share this post Link to post Share on other sites
8ennett 0 Report post Posted May 1, 2011 Probably, yes. However, you have to trust the YourFreedom servers, and if you do that at work, you will have to hope that nobody will use this vpn in order to enter your company severs. And, of course, in order to perform this, you have need system admin permissions on your PC. This is true, but Your Freedom has an excellent track record and is used by many. Also since the connection is encrypted to prevent proxy filters from detecting disallowed connections, unless you work for Your Freedom and have access to the cypher it is unlikely they will be able to gain access. Even if using this in school (I wouldn't recommend using this in work anyway) I would say it was best to install it on your own laptop and not a school computer. This example is completely theoretical: Say I lost my home internet connection due to not being able to pay for it, but I live near a school. The school gives laptops to its students who live in the immediate area (on loan) and these laptops are configured to connect to the wireless network they broadcast across the immediate area. Now, theoretically, I was able to find out the proxy address the laptops use to connect to the network and I use the Your Freedom technique to encrypt my connection and bypass the filters, I am now able to browse many sites the proxy wouldn't allow (including Xisto btw, theoretically) and is a good put on until I can get my phoneline reconnected. I can also upgrade my Your Freedom account so I have a connection speed of 256kb/s for the same price a month as a burger from McDonalds, or I could even upgrade to an 8MB connection speed although as a temporary solution that's not really an option. Besides, 256kb/s is plenty to play Halo Reach online. So there is a completely theoretical situation, totally not real, and that is what this method is useful for. One more thing is that about-speed. How the speed is compromised in this process ? For example, using proxies often requires us to compromise on speed. Most of the IP level anonymous proxies are horribly slow. I have fond that CGI proxies are much faster in comparison but leaves more trails or traces(if you choose to call) and in turn are not secure for office or some other private network. I tried ip-switch proxy which slowed my network down by 10% and therefore i think it's better to use web based anonymous service instead of these proxies. Your method is good, no doubt about that. I just feel uncomfortable with slow proxies method as it turns slow my home network. There are some hide-my-*bottom*/lock-ip sites/softwares that could help in network proxies as well. I think they're paid so not sure how much to trust them even after their paid service. Your method looks good, maybe it'll help some folks here or others on the internet. After 7pm I've found the YF free servers go to the full 65kb/s speed they advertise. I have the upgraded line so I get 256kb/s and that costs next to nothing a month, but CGI proxies have a massive problem loading complex sites. Have you ever tried to load facebook through a CGI proxy? Even when scripts are enabled the amount of errors it brings up are immense. Trying to load Xisto fails often as well as the libcurl function times out. Also most CGI proxies limit data per connection to 1 megabyte where as with YF it's unlimited (although a maximum of 10 threads are allowed for free users, although these don't timeout and it qeues the other threads). Also there is no advertising with YF at all, some CGI proxies load several pop-ups and splays the screen with ads and that is what really annoys me. Every time you click a link you have to close a load of ads. Plus the constant searching for a new CGI proxy everytime the one you have been using finally gets blocked out is annoying. At least with YF it's an instant connection and there's no risk of getting blocked out every now and then. The system admin won't even know what is going on as all the data is encrypted. Mind you it's true the admin can block the ip of the YF server, but they have hundreds of different servers located around the world, the domain names are each completely different as well and unrelated IP's. So if one of your YF servers does eventually get blocked, you simply switch to the next one. Obviously this method isn't for everyone, but I had trouble finding a tutorial such as this one I've written which outlines the method for setting up this type of proxy bypass. Anyone who is able to use this method then good luck, if not then i'm sure you have your alternate methods and happy browsing. Share this post Link to post Share on other sites